[wp-trac] [WordPress Trac] #42948: Backbone client sending empty string in X-WP-Nonce header by default in some cases
WordPress Trac
noreply at wordpress.org
Tue Feb 27 00:12:36 UTC 2018
#42948: Backbone client sending empty string in X-WP-Nonce header by default in
some cases
--------------------------+------------------------------
Reporter: FPCSJames | Owner: adamsilverstein
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.9.5
Component: REST API | Version: 4.9.1
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by FPCSJames):
I do not have any plugins overriding wp_create_nonce.
I tested your patch, but unfortunately, it did not work. My original
suggestion, checking whether the nonce is empty before options.beforeSend
is set, does work.
I believe I found the real issue. Keep in mind that in my use case, I'm
embedding wp-api.js and my code outside of a WP deployment, so
wpApiSettings is statically generated. Right now, that's only defining the
root and versionString parameters.
In wp.api.init, the line:
`attributes.nonce = args.nonce || wpApiSettings.nonce || '';`
checks to see if init() is called directly with a nonce argument (it's not
- undefined), if it's defined in wpApiSettings (it's not - undefined) and
defaulting to an empty string otherwise. Therefore, from what I can tell,
either that line needs to change to default to null instead of an empty
string, or my change of isNull to isEmpty in sync() needs to be applied.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42948#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list